Authentication is perhaps the most important, and one of the trickier, topics when it comes to securing a web application from the front. Certainly, there are many different threat vectors.
One of the easiest things we can do to secure our Express application is to install and use the security middleware called Helmet. Helmet adds a number of security headers and policies, as well as preventing some attacks, such as
It does most of this under the covers, without the need for configuration on our part. For more detailed information, and to find alternative ways to
To get started with Helmet, first install it using
$ npm install helmet --save
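Because Helmet works under the covers, it helps to confirm that its headers actually reach the client. The check below is an added example, not code from the original article or the Helmet project: it audits a response's headers against a subset of what Helmet's default configuration sets. The function name, the expected-header list and the sample responses are assumptions constructed for illustration; adjust the list to your Helmet version.

```javascript
// Added example. EXPECTED is an assumed subset of Helmet's default headers;
// the exact defaults vary between Helmet releases.
const EXPECTED = new Map([
  ['x-content-type-options', (v) => v.toLowerCase() === 'nosniff'],
  ['x-frame-options', (v) => ['deny', 'sameorigin'].includes(v.toLowerCase())],
  ['x-dns-prefetch-control', (v) => v.toLowerCase() === 'off'],
  ['x-download-options', (v) => v.toLowerCase() === 'noopen'],
  // HSTS is only useful with a non-zero max-age.
  ['strict-transport-security', (v) => /max-age\s*=\s*"?0*[1-9]/i.test(v)],
]);
// Headers that should be absent: Express sends X-Powered-By unless it is removed.
const FORBIDDEN = ['x-powered-by'];

// Returns a list of findings; an empty list means the response passed.
function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before comparing.
  const headers = new Map();
  for (const [name, value] of Object.entries(rawHeaders)) {
    const text = Array.isArray(value) ? value.join(', ') : String(value);
    headers.set(name.toLowerCase(), text.trim());
  }
  const findings = [];
  for (const [name, isAcceptable] of EXPECTED) {
    if (!headers.has(name)) findings.push(`missing: ${name}`);
    else if (!isAcceptable(headers.get(name))) {
      findings.push(`weak: ${name}=${headers.get(name)}`);
    }
  }
  for (const name of FORBIDDEN) {
    if (headers.has(name)) findings.push(`leaks: ${name}=${headers.get(name)}`);
  }
  return findings;
}

// Constructed sample responses (not captured from a real server).
const BARE_EXPRESS = { 'X-Powered-By': 'Express', 'Content-Type': 'text/html' };
const HARDENED = {
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'X-DNS-Prefetch-Control': 'off',
  'X-Download-Options': 'noopen',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
};
// HSTS present but disabled by a zero max-age.
const MISCONFIGURED = { ...HARDENED, 'Strict-Transport-Security': 'max-age=0' };

for (const [label, sample] of Object.entries({ BARE_EXPRESS, HARDENED, MISCONFIGURED })) {
  console.log(label, auditSecurityHeaders(sample));
}
```

In a real check, pass the headers object from an HTTP response (for example `res.headers` from Node's `http` client) instead of the constructed samples.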